Increase in SSH attacks as of announcement of rtld bug

Everyone:

I don't know if it's a coincidence, but I doubt it is: Since the 
announcement of the rtld bug, we've seen a precipitous increase in 
the number of SSH password guessing attacks on our systems. 
Apparently, the folks who are mounting the attacks (usually via 
botnets) have realized that if they get into user shell account on 
an unpatched system, they have effectively broken root.

It would be wise for all FreeBSD system administrators to set 
AllowUsers as restrictively as possible in sshd_config, and also 
(because the attacks can take a great toll on servers in terms of 
CPU and other resources) consider other changes to "armor" their 
systems against SSH attacks. It may be time, in fact, to consider 
implementing single packet authentication as the default in SSH 
servers and as a built-in feature in SSH clients. (Does anyone know 
of a good SSH client that integrates a single packet authentication 
system -- e.g. fwknop? I'm already seeking sources and a toolchain 
so that I can try my hand at doing this for TeraTerm.)

--Brett Glass

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"